ORAC
2nd Jul 2014, 08:22
Streetwise Professor: Energetic Bear. Conspicuous Silence. (http://streetwiseprofessor.com/?p=8556)
In news that should shock no one, Russian hackers have unleashed a Stuxnet-like virus against American and European energy companies (http://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html?_r=1). One of the security firms that discovered the intrusion has labeled it “Energetic Bear”. Energetic because it involves energy. Bear because it involves Russia. The Russian link is based on time stamps and the presence of Cyrillic in the code. Moreover, the sophistication of the software strongly suggests (Russian) state involvement.
Though most of the attacks appear to be designed to collect information about the industrial control systems used by these energy companies, that is cold comfort: careful attackers collect intelligence to identify vulnerabilities before mounting an attack. This is also a way of sending a message: You are vulnerable. You mess with us, we can mess with you.
The news of the Russian hack was announced by Kaspersky, the famous cybersecurity firm.
Just kidding. I’m such a card. This revelation came from 2 US firms. Kaspersky has been as quiet as a mouse. A dead mouse.
Which is always the way when there is a Russian hack. When there is an American operation, e.g., Stuxnet, Kaspersky trumpets it for all the world to hear.
One other thing. The names of the SCANA producers targeted have not been revealed. But note that Siemens, the most vocal corporate supporter of Russia in Germany and the most vehement opponent to sanctions, is one of the world leaders in SCANA systems. So it is almost certain that Siemens has been a target of Energetic Bear. But Siemens has been as silent as Kaspersky.
The silences are far more revealing than the story itself.
Symantec: Emerging Threat: Dragonfly / Energetic Bear – APT Group (http://www.symantec.com/connect/blogs/emerging-threat-dragonfly-energetic-bear-apt-group)
In news that should shock no one, Russian hackers have unleashed a Stuxnet-like virus against American and European energy companies (http://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html?_r=1). One of the security firms that discovered the intrusion has labeled it “Energetic Bear”. Energetic because it involves energy. Bear because it involves Russia. The Russian link is based on time stamps and the presence of Cyrillic in the code. Moreover, the sophistication of the software strongly suggests (Russian) state involvement.
Though most of the attacks appear to be designed to collect information about the industrial control systems used by these energy companies, that is cold comfort: careful attackers collect intelligence to identify vulnerabilities before mounting an attack. This is also a way of sending a message: You are vulnerable. You mess with us, we can mess with you.
The news of the Russian hack was announced by Kaspersky, the famous cybersecurity firm.
Just kidding. I’m such a card. This revelation came from 2 US firms. Kaspersky has been as quiet as a mouse. A dead mouse.
Which is always the way when there is a Russian hack. When there is an American operation, e.g., Stuxnet, Kaspersky trumpets it for all the world to hear.
One other thing. The names of the SCANA producers targeted have not been revealed. But note that Siemens, the most vocal corporate supporter of Russia in Germany and the most vehement opponent to sanctions, is one of the world leaders in SCANA systems. So it is almost certain that Siemens has been a target of Energetic Bear. But Siemens has been as silent as Kaspersky.
The silences are far more revealing than the story itself.
Symantec: Emerging Threat: Dragonfly / Energetic Bear – APT Group (http://www.symantec.com/connect/blogs/emerging-threat-dragonfly-energetic-bear-apt-group)